1. Technical Field
The present invention relates to computer networks in general, and in particular to a method for providing communications between computer networks. Still more particularly, the present invention relates to a method for exchanging information between computer systems from different computer networks.
2. Description of Related Art
In general, communications among computers within a computer network can be freely performed, but communications among computers from different computer networks are routinely restricted in some way for security reasons. A typical example is the protection of a private computer network from intruders attempting to gain unauthorized access to the private computer network.
The most straightforward solution for protecting a computer network with heavy access restrictions (for example, in military environments) is to isolate the computer network completely from other computer networks. However, such a solution is very rigid, and it prevents any exchange of information with computers from other computer networks.
Moreover, complete isolation of a computer network is untenable in most practical situations; typical examples include the use of a private computer network for implementing Internet-based applications, or the interconnection of different sub-networks in the same organization. In those cases, security concerns arise whenever a relatively secure computer network is exposed to a substantially uncontrolled external environment.
A prior art solution for providing computer security when interconnecting a secure computer network to other computer networks is to use a firewall on the secure computer network. The firewall checks all the information entering or leaving the secure computer network, and only allows certain information to transit as specified by corresponding security policies. Particularly, the security policies define which computer of an external computer network is allowed to access which computer of the secure computer network. However, each computer of the secure computer network must individually implement the control of the authorizations to read and/or write the corresponding information (by any user of the computers of the external computer network). Thus, the configuration of the computers within the secure computer network is very tedious. Moreover, the maintenance of the secure computer network is very difficult (especially in highly dynamic environments). All of the above-mentioned drawbacks make the firewall approach very undesirable, especially when the two computer networks have a minimum degree of complexity. In addition, the transit of all the information exchanged between the computer networks through the firewall adversely affects their performance.
Alternatively, it is possible to open a tunnel between selected computers of the two computer networks. The tunnel includes a communication channel that crosses the firewall with one or more point-to-point connections establishing a transparent pipe between each pair of computers. However, the tunnel solution can also impair the security of the computer systems.
Consequently, it would be desirable to provide an improved method for exchanging information between computer systems from different computer networks.